Overview

overview

10

Static

static

10

92c3337b3d...3c.apk

android-9-x86

10

Resubmissions

10/03/2025, 15:05

250310-sf8zxayzdy 10

10/03/2025, 05:34

250310-f9njvat1gy 10

01/03/2025, 02:26

250301-cxcd9swye1 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • Size

    3.6MB

  • Sample

    250310-sf8zxayzdy

  • MD5

    0366ae0abf0ada8aed90322bfe07dfd5

  • SHA1

    2f0779ce64f02944e87674745cb446c5bc620607

  • SHA256

    92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

  • SHA512

    52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

  • SSDEEP

    98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

Score
10/10
truthspyandroidbankercollectioncredential_accessdefense_evasiondiscoveryimpactinfostealerpersistencespywaretrojan

Malware Config

Extracted

Family

truthspy

C2

http://protocol-a.thetruthspy.com/protocols/get_synx_now.aspx

http://protocol-a.thetruthspy.com/protocols/getsetting.aspx

https://thetruth-db94a-default-rtdb.firebaseio.com

https://thetruth-db94a.firebaseio.com

Extracted

Family

truthspy

C2

http://protocol-a100.phoneparental.com/protocols

Targets

    • Target

      92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

    • Size

      3.6MB

    • MD5

      0366ae0abf0ada8aed90322bfe07dfd5

    • SHA1

      2f0779ce64f02944e87674745cb446c5bc620607

    • SHA256

      92c3337b3d74f2aab8f0ca3a6f045719a3301519810d535856ff11dd743b523c

    • SHA512

      52f50f2f847628b1fb498784660050a6f189d8c7cc520c0d3a06ca28cc35ee4961d0a3daca71a540e263ab930ab629b884c3ff187d4abcd8f58549fdf87f9677

    • SSDEEP

      98304:mD/SWbGiowrvH6Odp/9hBbW+te6lXhAyHtu:mWWbGjuvl9jS+oSc

    Score
    10/10
    truthspybankercollectioncredential_accessdefense_evasiondiscoveryimpactinfostealerpersistencespywaretrojan

    • Truthspy

      Truthspy is an Android stalkerware.

      trojaninfostealerspywaretruthspy

    • Truthspy family

      truthspy

    • Checks if the Android device is rooted.

      defense_evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Acquires the wake lock

    • Legitimate hosting services abused for malware hosting/C2

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Requests accessing notifications (often used to intercept notifications before users become aware).

      collectioncredential_access

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion
    behavioral1

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

1
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

2
T1421

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Tasks